English
English
Swedish
ABOUT US
PRODUCTS
Warranty Insurance
Accident and Health
Payment Protection
Deductible Insurance
Travel Insurance
CLAIMS
CONTACT US
Search for:
ABOUT US
PRODUCTS
Warranty Insurance
Accident and Health
Payment Protection
Deductible Insurance
Travel Insurance
CLAIMS
CONTACT US
Search for:
Contact Us
AmTrust Nordic Privacy Policy
AmTrust's Privacy Notice
Table of Contents
1.
Personal data controller
2.
What information do we collect?
2.1.
Specific information on sensitive data
3.
What do we do with your information?
4.
Transferring personal data
4.1
Data procesors
4.2
Independent personal data controller
4.3
Companies within our group
4.4
International transfer of personal data
5.
Your rights
6.
How long do we store your personal data?
7.
Automated decision making
8.
Cookies
9.
Contact us
10.
Changes to this privacy notice
11.
Other languages
1. Personal data controller
AmTrust (as defined below) protects your privacy. This privacy notice explains how AmTrust col- lects and uses your personal information. It also describes your rights in relation to us, and how you can exercise those rights. Unless otherwise stated, this privacy notice applies to the following companies:
AmTrust International Underwriters DAC (169384) (”
AIU
”);
AmTrust Nordic AB (556671-5677) (”
AmTrust Nordic
”);
AmTrust Insurance Services Sweden AB (556885-4300) (”
AISS
”);
This privacy notice is common to AIU, AmTrust Nordic and AISS (AIU, AmTrust Nordic and AISS are hereinafter collectively referred to as "
AmTrust
", "
us
" or "
we
"). To the extent any of the pro- cessing activities listed below are relevant only in relation to one of the AmTrust companies, this will be specifically noted in this privacy notice.
AIU and its general agent
AIU is an Irish insurance company and is the data controller for the processing of your personal data.
AmTrust Nordic is a Swedish company that acts as the general agent of AIU and represents AIU in Sweden. In its capacity as general agent, AmTrust Nordic will, among other things, administer your insurance with AIU and handle any questions or complaints you may have. As general agent, AmTrust Nordic is responsible for processing your personal data as a data processor for AIU. In these cases, AIU is responsible for the processing of your personal data in its capacity of data controller.
AmTrust Nordic as an insurance intermediary
AmTrust Nordic is also a registered insurance intermediary that distributes insurances for which AIU is the insurer. If AmTrust Nordic has distributed an insurance to you, both AmTrust Nordic and AIU are data controllers. In these cases, AmTrust Nordic and AIU have different purposes, stated in item 3. below, for processing personal data.
AISS
AISS is a registered insurance intermediary that distributes insurances. In its capacity of insurance intermediary, AISS acts as a data controller with respect to the personal data it collects.
AISS also handle insurance claims on behalf of AIU. As claims handler, AISS is responsible for processing your personal data as a data processor for AIU, whereas AIU is responsible for the processing of your personal data in its capacity of data controller.
2. What information do we collect?
The personal data we collect, and how we collect it, depends on our relationship with you. Below are examples of the categories of personal data that we may process.
We collect information from you when you interact with us through our various communication channels (e.g., through our website, claims portal or by phone) or through third parties. Examples of third parties from which we may collect data are public sources, such as population registers, tax authorities, EU sanction lists, credit rating registers, but also from other external sources such as employers, public employment services, government agencies, care providers, and other insurers or insurance intermediaries that we collaborate with.
The personal data we process includes the following categories of data:
General identification and contact information
: Name; residential address; email address and phone number; personal identification number or similar; gender; marital status; family sta- tus; family relationship to the policyholder, the insured or claimant.
Generic insurance information:
Insurance number, claim number, insurance amount, benefi- ciary, insurance type and premiums paid.
Insurance type information
: information relating to your specific policy, such as location and identification number or similar information to identify the insured property (for example prop- erty identification numbers such as telephone IMEI number, property address, vehicle registra- tion number); information regarding loans or credits if the insurance covers or provides protec- tion for payment or income credit; information about travel arrangements if the insurance co- vers travel; age profile or other information regarding the individuals you wish to insure; em- ployment relationship; membership of organizations; previous injuries; other insurance policies that you hold; as well as information about damage/injury that has occurred.
Financial Information And Account Details:
Payment card number; bank account number and bank account details; billing address; credit history and credit score; assets; income; as well as other financial information.
Special categories of personal data (sensitive data)
: Health information such as current or former physical, mental or medical conditions and medical history and trade union membership (for example if you apply for insurance through a trade union, or which is procured by a trade union).
Information required to detect, prevent, investigate fraud, or make checks against finan- cial sanctions lists
: We collect information about you that allows us to prevent, detect, investi- gate, and report fraud, or to fulfil our obligation to check applicable sanctions lists before issu- ing insurance or processing payments under the insurance.
Claim information from other insurance companies
: Information from the Common Claims Register (GSR), such as personal identification number, type of claim, claim number and IMEI number.
Photos and video recordings
: Photos and video recording you send us in connection with claims handling.
Recording phone calls
: Recordings of telephone calls to our representatives and call centres.
Please do not disclose any personal information about yourself to us unless we have requested you to do so. Unsolicited personal data will be deleted.
2.1 Specific information on sensitive data
We process sensitive personal data (such as information about health or trade union membership) if it is necessary to establish, exercise or defend a legal claim.
As an insurer, we have an obligation to contract in respect of specific insurance contracts (such as personal insurance contracts). This obligation starts to apply when we have received the infor- mation we need to assess the risk of entering into a certain insurance contract. This means that we sometimes need to collect sensitive personal data to determine whether you can take out the insurance.
Even after you have taken out insurance, the processing of sensitive personal data may be neces- sary for us to determine your right to compensation in the event of a claim.
Sensitive personal data will only be used for the purposes stated in item 3 below.
3. What do we do with your information?
The information you provide to us or that we receive from third parties is generally necessary to en- ter into a contract with us and to enable us to perform our contractual obligations to you, while some of the information we collect may also be necessary for other purposes. See further details below:
Categories of personal data
Purpose (intention of the processing)
Legal basis
General identification and contact information
Calculate insurance premiums, offer and accept insurance cover, offer renewals, inform of changes to the insurance, handle complaints and appeals.
Fulfilment of AmTrust’s legal obligations. For example, determining your right to take out insurance.
Improve our products, develop new systems and processes.
AmTrust’s legitimate interest in improving and developing its products, systems, and processes.
Validate/confirm your identity.
Performance of contract or, at your request, taking necessary steps prior to entering into a contract
with you.
Carry out customer satisfaction surveys (e.g., after you have been in contact with our claims department), by email, SMS, tele- phone or through other communication chan- nels.
AmTrust's legitimate interest in being able to carry out customer satisfaction surveys.
Categories of personal data
Purpose (intention of the processing)
Legal basis
Perform claims handling
Performance of contract.
Answer your questions by web portal, email, post, or phone.
Performance of contract or, at your request, taking necessary steps prior to entering into a contract
with you.
Prevent, detect, and investigate crime, including fraud.
Fulfilment of AmTrust’s legal obligations.
Comply with applicable laws and legal obliga- tions (including laws outside your country of residence), such as those relating to and ter- rorism or financial sanctions.
Fulfilment of AmTrust’s legal obligations. For example, screening against applicable sanctions lists.
If you are the contact person for a supplier, partner, or policyholder:
Administer and fulfil agreements with suppliers (your employer) or policyholders.
Performance of contract or, at your request, taking necessary steps prior to entering into a contract.
Generic insurance information
Calculate insurance premiums, offer and accept insurance cover, offer renewals, inform of changes to the insurance, handle com- plaints and appeals.
Performance of contract or, at your request, taking necessary steps prior to entering into a contract.
Perform claims handling.
Performance of contract.
Insurance type information
Calculate insurance premiums, offer and accept insurance cover, offer renewals, and in- form of changes to the insurance.
Performance of contract or, at your request, taking necessary steps prior to
entering into a contract.
Perform claims handling.
Performance of contract.
Financial information and account details
Calculate insurance premiums, offer and accept insurance cover, offer renewals, and process payments.
Performance of contract or, at your request, taking necessary steps prior to
entering into a contract.
Perform claims handling.
Performance of contract.
Categories of personal data
Purpose (intention of the processing)
Legal basis
Sensitive information
Calculate insurance premiums, offer and accept insurance cover and offer renewals.
The processing is necessary to establish, exercise or defend legal rights. For example, determining your right to take out insurance.
Process and investigate claims and process any complaints and appeals.
The processing is necessary to establish, exercise or defend legal rights. For example, determining your right to insurance compensation.
Detect, prevent and investigate fraud.
The processing is necessary to establish, exercise or defend legal rights. For example, determining your right to insurance compensation.
Information re- quired to detect, prevent, investigate fraud or make checks against financial sanctions
Detect, prevent, investigate fraud or Carry out checks against financial sanctions lists.
Fulfilment of AmTrust’s legal obligations. For example, screening against applicable sanctions lists.
Claim information from other insurance companies
Detect, prevent and investigate fraud.
AmTrust's legitimate interest in preventing fraud.
Categories of personal data
Purpose (intention of the processing)
Legal basis
Photos and video recordings
Perform claims handling.
Performance of contract.
Recording phone calls
Document agreements.
Fulfilment of AmTrust’s contractual obligations or, at your request, taking necessary steps prior to
entering into a contract.
Provide improved quality, training, and secu- rity (for example, in relation to monitored or recorded phone calls to/from our contact numbers)
AmTrust's legitimate interest in improving our cus- tomer service.
Process complaints
Fulfilment of AmTrust’s legal obligations. For example, handle complaints in accordance with applicable law.
4. Transferring personal data
4.1 Data processors
In cases where it is necessary for us to be able to offer our services, we share your personal data with companies that act as our data processors. A data processor is a company that processes the data on our behalf, and in accordance with our instructions. Examples of such data processors are:
Claims adjusters
– Third Party Claims Administrators; claims investigators and claims adjust- ers
IT service providers
– Systems, support hosting providers and IT consultants
Analytic companies
– Customer survey and analytics service providers
Financial companies
- Card companies, banks, and payment service providers
Insurance administrators
– Administrators of insurance
Service providers
- repair centres and providers of services such as customer satisfaction surveys.
When your personal data is shared with a data processor, it is done only for purposes that are compatible with the purposes for which the data was collected (such as fulfilling our obligations un- der the insurance contract). We have entered into written agreements with all personal data pro- cessors, wherein they undertake to ensure the security of the personal data they process and to comply with our security requirements, restrictions, and requirements regarding the international transfer of personal data and as applicable under GDPR.
4.2 Independent personal data controller
We also share your personal data with certain companies, authorities and organizations that are independent data controllers. The fact that these companies, authorities, and organizations are in- dependent data controllers means that we do not decide the purpose and means of the processing carried out by these companies.
Examples of independent data controllers with whom we share your personal data are:
Distribution partners
– Insurance intermediaries and tied insurance intermediaries; partners and agents; re-insurers; other types of distributors and administrators.
Service providers
– External service providers such as commercial and credit information companies, accountants, actuaries; auditors, experts, lawyers, and other external professional advisers; fraud detection providers; banks and financial institutions.
Government and other public authorities or bodies
- AmTrust may disclose personal infor- mation to government and other public authorities (including, but not limited to, regulatory au- thorities, courts, police, tax authorities, and criminal investigation authorities) and to bodies to which we have a legal obligation to disclose information.
Common Claims Register (GSR)
- AmTrust has access to a claim reporting register common to the Swedish insurance industry (the "
GSR
"). The GSR contains certain information about insurance claims as well as information about who requested compensation in a specific claim case. The GSR is only used in connection with the assessment of claims. This means that we could find out if you have previously reported a claim to another insurer. The purpose of the GSR is to provide a basis for insurers to identify unclear insurance cases. In this way, the in- surers can counteract the payment of compensation based on incorrect information. The data can also be used in anonymous form for statistical purposes. The personal data controller for GSR is Skadeanmälningsregister (GSR) AB, PO Box 24171, 104 51 Stockholm, Sweden. Visit
www.gsr.se
for more information on the processing of data carried out by GSR.
When your personal data is shared with a company, an authority or an organization that is an inde- pendent data controller, the privacy notice of that company, authority or organization applies.
4.3 Companies within our group
To be able to offer the insurance products and services provided by other companies within the AmTrust group, we also transfer personal data to other companies that are part of our group. You can find a list of current group companies at
www.amtrustinternational.com.
4.4 International transfer of personal data
For the purposes stated above, AmTrust may transfer your personal data to parties outside the European Union/European Economic Area (“
EU/EEA
”). When we transfer your personal data outside the EU/EEA, we will ensure that an adequate level of data protection is in place, and that appropriate protective measures are taken in accordance with applicable data protection requirements, such as the GDPR. These safeguards consist of ensuring that the third country to which the data is transferred is deemed as having an adequate level of protection by the European Commission or, where there is no adequacy decision, that the European Commission's standard contractual clauses have been entered into between AmTrust and the recipient. AmTrust transfers personal data to the UK, USA, and Israel.
You will find more information on which countries are considered to have an "adequate level of data protection" at
EU Commission website,
where you can also find more information about
standard
contract clauses.
A copy of the "Standard Contractual Clauses" entered into may be obtained by writing to the Data Protection Officer at the address provided below in section 9.
5. Your rights
We are responsible for ensuring that your personal data is used in accordance with law and that you have the opportunity to exercise your rights. You can contact us at any time if you want to ex- ercise your rights.
We are obliged to respond to your request within one (1) month from the date of receipt. However, if your request is complex or if we have received a large number of requests, we may extend the response time by an additional two (2) months. If we are unable to comply with your request, we must inform you within one (1) month from the date of receipt, explaining why we are unable to do so, and inform you that you have the right to lodge a complaint with the regulatory authority.
All information, communication, and actions we carry out are offered to you at no cost. However, in the event that your request is deemed unfounded or unreasonable, we reserve the right to charge an administrative fee to provide you with the information or to carry out the requested action, or to decline your request altogether.
You have the following rights in relation to our processing of your personal data:
Withdrawal of consent
– If we rely on your consent as our legal basis for processing your personal data, you can revoke this consent at any time.
Request a copy of personal data we hold about you
- You can request an extract regard- ing the personal data we process about you.
Erasure of personal data
- Under certain circumstances, such as when you have withdrawn a previously provided consent or when we no longer need to process your personal data, you may have your personal data erased. In some cases, we are entitled to retain certain personal data despite your request of erasure (e.g., if we have a legal obligation to retain your personal data).
Correction
- You can request to have incomplete or incorrect personal data corrected or erased.
Restriction and object to future processing
- Under certain circumstances, you have the right to restrict the processing of your personal data to only comprise storage of the personal data, e.g. during the period in which AmTrust investigates whether you have the right to erasure according to item
3
above. If your personal data is processed on the basis of a bal- ancing of interests and you deem that your integrity interest overrides AmTrust's legitimate interest in processing your personal data, you have the right, based on grounds related to your particular situation, to object to the processing by contacting AmTrust using contact de- tails set out in section 9 below. If you object to the processing, AmTrust must provide you with a compelling legitimate reason to why AmTrust may continue processing the personal data.
Data portability
- When your personal data is processed on the basis of your consent or be- cause the processing is required to fulfil or enter into an agreement with you and provided that the personal data has been collected directly from you, you have the right to receive a copy of your personal data in a common and widely used machine readable format.
Rights in relation to automated decision-making, including profiling
- You have the right not to be subject to decisions that are made solely by automated means, including pro- filing, if such decision-making has legal consequences or has similarly significant impact on you. However, this right does not apply if the automated decision-making is necessary for us for entering into, or the performance of, a contract with you, if the decision-making is ex- pressly permitted by law, or if you have given your explicit consent. More information about how we use automated decision-making can be found under section 7.
Complaints to supervisory authority
- You are welcome to contact us with questions or complaints regarding the processing of your personal data. However, you are also always entitled to lodge a complaint regarding the processing of your personal data to the data pro- tection authority in the country in which you are domiciled.
To exercise your rights as above please write to the Data Protection Officer at the address provided in section 9 below.
6. How long do we store your personal data?
If we have entered into an agreement with you, we will retain necessary information for as long as we have obligations under the agreement and as long as you have the opportunity to make claims under the agreement. This means that we will also keep your personal data for some time after the agreement has expired. In some cases, you can contact us with supplementary requirements under the agreement as long as the limitation period is in force. When the statute of limitations for the agreement expires, our relations are also completely resolved. This means that we retain your per- sonal data during the limitation period. The length of the limitation period varies depending on the type of insurances under the insurance contract but, as a general rule, the limitation period is 10 years.
In summary, we are required to store information, including personal data, for as long as necessary to comply with the agreements, laws, and regulations applicable to our insurance business. We must keep personal data due to, among other things, legislation on, bookkeeping, insurance distribution, prescription rules, and legislation on measures against money laundering and financing of terrorism.
When the retention period has expired, we will delete or anonymize your personal data in accordance with our procedures for data minimization and anonymization.
7. Automated decision making
General facts about automated decision-making
We provide certain services that involves automated decision-making. Automated decision-making is an integral part of effective management. If an automated decision has a significant impact on you, you have the right in certain situations to not be subjected to automated processing alone. This means that in certain situations you may have the right to demand manual processing. We will inform you when the right to demand manual processing arises during the process.
Automated decisions in certain claims cases
We employ automated processes to handle certain insurance claims in our claims handling. This means that, in certain instances, we may assess your insurance claim automatically by consolidating the information that you provide in your claim report and any previous claims history, along with the terms and conditions of your insurance. If a decision is reached based on automated decision-mak- ing, you will receive information about the decision and your rights.
In some claims, a credit check is conducted using information from third parties. In this context, an automated decision is made regarding the payment options that are offered to you for paying your deductible.
8. Cookies
AmTrust Nordic uses cookies and similar tracking technologies to deliver a smooth and user-friendly online experience. Cookies are small text files consisting of letters and numbers. These are sent from AmTrust Nordic's web servers and saved on your device for a limited time. The cookies we use improve the services we offer you. Some of our services need cookies to function, while others are simply there to make our services more convenient for you. Read more about which cookies we use in our cookie policy.
https://amtrustforsakring.se/cookie-declaration/
9. Contact us
Contact details for AIU
AmTrust International Underwriters DAC (169384), 6-8 College Green, Dublin 2, D02 VP48, Ireland.
Contact details for AmTrust Nordic AB, also AIU's general agent in Sweden
AmTrust Nordic AB, corporate identity number 556671-5677, Linnégatan 14, 111 47 Stockholm, Sweden.
Contact details for AISS
AmTrust Insurance Services Sweden AB, corporate identity number 556885-4300, Linnégatan 14, 111 47 Stockholm, Sweden.
Data Protection Officer for AmTrust
If your question concerns AmTrust International Underwriters DAC, contact
Data Protection Officer, AmTrust International Underwriters DAC, 6-8 College Green, Dublin 2, D02 VP48, Ireland.
Data protection officer for AmTrust general agent in Sweden
If your question concerns AmTrust Nordic AB or AISS, contact
dpo.nordic@amtrustgroup.com or Data Protection Officer, AmTrust Nordic, Linnégatan 14, 114 47 Stockholm.
It is also possible to contact each company directly in the event of data protection matters at the respective addresses above. However, for those of you who live in the Nordic region, it is advised to contact the Data Protection Officer for AmTrust's general agent in Sweden. If you are unsure which company to contact, we will help you by guiding you in the right direction or by contacting the relevant company for you.
10. Changes to this privacy notice
We may revise this privacy notice at any time by amending this page. We will inform you in the event of significant changes.
Updated 14/06/2023
11. Privacy policy in other languages
Swedish
Finnish
Norwegian
Polish
Danish
Croatian
Spanish
Estonian
German
Latvian
Lithuanian
Austrian
Italian
Dutch
Privacy Policy For Partners